Agile Risk Management Re-Engineering Risk Solutions to Enable Business Strategies

Upload: lythuy

Post on 13-Feb-2017


Agile Risk Management - Re-Engineering Risk Solutions to Enable Business Strategies


PROTIVITI • AGILE RISK MANAGEMENT | 1

Executive Summary

The global financial crisis has forced financial services firms to operate in an intensely complex and challenging environment. As the global economy remains uncertain, causing pockets of volatility to flare up regularly in the increasingly unpredictable financial markets, and as technology companies disrupt the market, competition is fiercer than ever. In addition, overarching these difficult operating conditions is an ever-increasing regulatory burden.

In such an environment, firms must have confidence in their ability to navigate these challenges in order to deliver value to shareholders and stakeholders. Agile, responsive and dynamic risk management and compliance systems are key enablers to success.

Agility is built on dedication to a three-point foundation: an aligned organization permeated by clarity, collaboration and convergence; operational excellence based on strategy informed by foresight and enhanced by transparency; and customer satisfaction enabled by a customer-centric focus on design and development throughout the enterprise.

This paper introduces a new Agile Risk Management philosophy that will enable proactive organizations to take the lead in adopting an agile approach to risk management to better meet the challenges of today’s operating environment.


RISK AND COMPLIANCE CHALLENGES

Emerging from the global financial crisis, organizations have failed to keep pace with changing trends in risk and compliance. Resource allocation for risk and compliance initiatives implemented immediately following the crisis to demonstrate urgency and prioritization to regulators has proven to be unsustainable.

“Firefighting” projects have diverted funds from areas such as customer-facing upgrades and critical investment in creaky legacy systems and have increased the overall cost structure for risk and compliance, restricting business growth. Attempts to effectively build complex processes on inadequate infrastructure have increased head count and slowed down critical processes. Meanwhile, as firms fight fires, they are losing sight of the real benefit of risk management: looking ahead to identify threats and opportunities.

Paradoxically, the increase in spending on risk and compliance initiatives since the crisis has taken place in a period marked by sustained organizational cost-cutting initiatives. While firms continue with their cost-cutting efforts, some that have imposed cuts for several consecutive years are now realizing that they will soon maximize the savings they can derive from straight cost-cutting and that they will need to shift their focus to growth and innovation.

Responding to risk and compliance gaps over the years has left the financial services industry in an unsustainable situation

Growth and innovation have been forced to take a back seat given risk and compliance challenges.

Large bank fines have topped $200B over the past five years.

Operating costs have become unsustainable as quick-fix solutions and increasing headcount are the norm to improve risk management practices.

Inherent risk continues to rise given the underlying business complexity and increased pace of change.

[Figure labels: Risk and Compliance; Unsustainable Costs; Significant Fines ($200B); Inherent Risk; Growth and Innovation]


In this new environment, boards of directors and senior management need to recognize that current spend on risk and compliance efforts has to be arrested and/or start to shrink while also providing added business value.

“Many organizations are beginning to change their vision for risk management,” says Cory Gunderson, who leads Protiviti’s Global Financial Services Industry practice. “The risk function is moving away from being a control checker and referee to an enabler of business performance by driving a single approach for risk management and taking full responsibility for improving the risk culture of the organization.

“Leading practices in risk management suggest that taking a more agile approach allows improved business performance and anticipation, along with increased transparency. This approach also enables consistent profitability and optimized costs to unlock the true value of risk management.”

All those in risk management and compliance roles will need to maximize the resources they have to remain effective. The prevailing model, in which control functions, including the first, second and third lines of defense, tend to be siloed, manual and reactive, is exacerbating the problem. Too often, these functions employ a reactive find-and-fix model, which expends time and resources firefighting immediate issues, such as regulatory actions or internal audit findings within their individual risk silos, rather than working collaboratively on value-added activities such as risk identification and mitigation.

This is not a recent phenomenon. Risk is stuck in a reactionary cycle, where risk and compliance breakdowns are consuming valuable time and resources that could be deployed elsewhere to enable growth and innovation within the business. For risk management to evolve, this cycle needs to be broken; firms that are constantly fighting fires cannot deal with emerging risks and issues.

Firms have recognized that they need to become more efficient in managing risk, compliance and internal audit requirements. Some have made advances in ensuring the control functions work more closely together, but generally, processes still take too long and are mostly manual, with risk management and compliance activities remaining detective rather than preventative.

Likewise, point-in-time solutions for improving risk management, including regulatory compliance, are no longer adequate for firms seeking to create a more effective and efficient risk framework; risk solutions must be agile. The crises of tomorrow will be different from the crises of the past – they will require agile and effective risk management and compliance functions that can move away from constantly analyzing and reviewing historical information to forecasting future horizons. Equally, risk management and compliance must operate more like business functions to provide value through being agile, responsive and more forward-looking to help enable success for the business.

The time has come for proactive organizations to take the lead by adopting an Agile Risk Management framework to better meet the challenges of today’s customers, shareholders and employees, and of the risk and regulatory environment.


THE SOLUTION

In a fast-changing regulatory and business environment, the key capability for firms to develop is agility. The ability to react rapidly to new regulations, adapt old products or launch new ones in new markets and enhance customer satisfaction with the rapid adoption of new technologies is essential in today’s financial marketplace.

Adopting an Agile Risk Management philosophy requires the use of risk as an enabler to foster real business benefits. Today, risk is viewed as an obligation; tomorrow, risk can enable increased profits and higher customer satisfaction. If risk is addressed up front in the design of products and services and embedded into the fabric of business processes, it lays the foundation for flawless execution and higher customer satisfaction.

What Is Protiviti’s Agile Risk Management Philosophy?

Agile Risk Management aims to maximize the value of risk management to an organization. This starts with the foundation of a comprehensive risk (and compliance) management program, represented in the building blocks below. It is this solid foundation that prepares the firm for a transformation into Agile Risk Management, which focuses on how risk management building blocks can be embedded and designed within business processes. This eliminates short-term, manual solutions, as well as siloed practices and processes, where risk data is unavailable or risk cannot be effectively measured. An example of a target state operating model is depicted below showing the building blocks that enable risk to be managed seamlessly, proactively and easily through a generic business process.

While the building blocks on their own are not revolutionary, when the philosophies of Agile Risk Management – operational excellence, customer satisfaction and an aligned organization – are used to improve these building blocks, organizations can realize tremendous value from risk management in a cost-effective and efficient manner.

The value of Agile Risk Management centers on putting the customer first and providing consistent customer experiences. For the organization, the agility provided by following this philosophy allows optimized performance, freeing up management time and resources to focus on growth realized through taking risk-enabled decisions.


[Figure: Protiviti Agile Risk Management Philosophy. Labels: Risk Management; Operational Excellence; Aligned Organization; Customer Satisfaction]

Value of Agile Risk Management

• Customer centricity

• Consistent experiences

• Agility

• Optimized performance

• Focus on growth

• Risk-enabled decisions


Every organization is at a different stage of maturity and is working to improve its risk management function. In our experience, typical strategies exist to ensure that those essential foundational elements are present to execute risk management activities effectively, providing quick wins for firms to build on and use to motivate their journey to a more agile state. We provide a process for how firms can move into an Agile Risk Management target state through a subset of risk management building blocks.

Target State Operating Model – Agile Risk Management

[Figure: Unified Process and Building Blocks across the phases Strategy, Define, Assess, Implement and Sustain]

Building Blocks

1 Risk Informed Strategy

2 Compliance Requirements Inventory

3 Risk Governance Framework

4 Accountability and Incentives

5 Risk Identification and Assessment

6 Risk in Design

7 Process Management, Monitoring and Testing

8 Issue Management

9 Aligned Reporting and Actionable Analytics

10 Quality Data and Governance

11 Integrated Risk Technology

Unified Process

• Market Opportunity

• Define Enterprise Standards

• Define Risk Appetite

• Identify Inherent Risks

• Identify Risks Greater Than Appetite

• Define Products and Services

• Define Performance Needs

• Identify Impacted Processes

• Design Process

• Communicate to Stakeholders

• Implement Process

• Ensure Initial Performance Achieved

• Ensure Process Adherence

• Operate

• Perform Continuous Improvement


Protiviti’s Agile Risk Management Philosophy

Aligned Organization

Elements of Target State

• Defining business strategy with consideration from control partners

• Clear accountability for risk management; business owns the risk and control partners are appropriately empowered

• Risk and business process convergence

• Appropriately resourced and skilled organization

• Embedded risk culture throughout the organization that encourages collaboration and escalation

• Risk-enabled decisions aligned to risk appetite

• Continuous engagement between control partners and front-line business units

Benefits

• Increased organizational capacity to focus on growth and adding market share

• Reduced duplication and rework

• Less stress on business stakeholders

• Ability to move faster when introducing products or changes to processes

• Enhanced reporting and analytics that enable customer service and growth

Operational Excellence

Elements of Target State

• Successfully executed business strategy

• Efficient processes and risk agility

• Optimized technology

• Promotion of risk management that is built into the design of processes, technology and products

• Propensity toward risk prevention versus detection

• Transparency that reduces redundancy

• Robust process adherence and management

Benefits

• Increased customer and employee satisfaction

• Faster business processes that create competitive advantages

• Optimized resource utilization

• Streamlined data flow and decreased time to availability – single source of truth for data

• Risk-designed products and services

• Simplified reporting and analysis focused on achieving business objectives within risk appetite limits

• Continuously improving technology-enabled processes and controls

Customer Satisfaction

Elements of Target State

• Risk management as the driver for consistent customer experiences

• Customers’ needs considered in the design of processes, products and services

• Customer-oriented risk metrics that support informed marketing plans and customer interactions

• Customer-centric focus across the organization

• Customer focus that enables enterprise strategy development and enhances the risk management vision

Benefits

• Increased loyalty when customers know what to expect; reduction in “surprises”

• Simplified servicing that allows for ease of doing business for the customer and employees

• Faster-developed products that meet customers’ demands

• Improved processes and controls that enable the business to increase market share while protecting the customer

• Tailored product and service solutions that fit customer profiles and drive profitability

• Enhanced insight into customers through shared risk data and analytics


WHAT DOES AN AGILE RISK MANAGEMENT MODEL LOOK LIKE RELATED TO ISSUE MANAGEMENT?

Adopting an Agile Risk Management philosophy does not need to be a lengthy project spanning several years; firms working to become a more agile organization are able to realize benefits relatively fast. One area that can be improved rapidly is issue management.

Too often, response in the financial services industry is reactive. Firms tend to react to issues such as complaints, regulatory actions or internal audit findings individually to stanch the immediate cause of the issues raised. However, for the majority of firms, a broader and more effective analysis of root cause is not conducted. As a result, firms are often faced with very similar issues soon after the initial problem that, with hindsight, could have been prevented if the cause of the original issue had been mitigated more effectively at the time.

Strategy

Develop a uniform, end-to-end issue management process to be used by front-line business.

Integration

Identify all sources of issues and implement a technology platform to create a single “system of record” for all enterprise issues.

Change Management

Incorporate a flexible structure to connect issue management with the firm’s culture.

Validation

Create a process for issue closure featuring detailed closure criteria and procedures to maintain accountability.

Normalization

Embed issue management into the standard operations of the institution as a continuous and fundamental practice in which people actively engage as part of business routines.

Benefit: Organizational Alignment – When a standardized process, incentives and norms are established to encourage proactive management of issues, all personnel begin to recognize the importance of issue management in achieving business objectives.

Benefit: Operational Excellence – When an enterprise moves to a single source of record, all enterprise issues can be inventoried and tracked in an efficient manner. Duplication of issue management efforts is reduced.

Benefit: Customer Satisfaction – Proper root cause analysis and issue validation reduce the chance of issue recurrence, leading to improved controls, processes and, ultimately, customer experiences.


Issues are systemically tied to business processes, systems and controls. When there is a breakdown in one area, this can be easily identified in a unified process, which can then be used to identify links with other business processes that may have also been impacted by the same root cause to address the issue more comprehensively.

Taking a breach in customer data as an example, in addition to identifying what is impacted to evaluate the issue severity, an Agile Risk Management philosophy would manage the issue differently by using additional data to understand the impact on the relative profitability or characteristics of customers. Action plans for remediating the issue would face robust and critical challenge to ensure that the root causes have been comprehensively addressed.

Any action plan would also include a validation that those issues have been completely addressed and closed off. This approach to managing an issue allows for a thorough understanding of the exposure in a customer-centric fashion, allowing the firm to fix the issue correctly the first time and link the breach to other parts of the organization.

“THE RESPONSE IN THIS INDUSTRY IS REACTIVE. WE FIGHT IN BITS TO STOP THE BLEEDING CAUSED BY IMMEDIATE ISSUES, BUT WITHOUT CONDUCTING EFFECTIVE ROOT CAUSE ANALYSIS, WE FACE THE SAME ISSUES A FEW MONTHS LATER. BY EXAMINING HOW AND WHERE BUSINESS PROCESSES ARE LINKED TO SYSTEMS AND TO CONTROLS, WE CAN FIND ISSUES BEFORE THEY HAPPEN. AND BY ENSURING ROBUST AND REALLY CRITICAL CHALLENGE, WE COMPREHENSIVELY ADDRESS THOSE ROOT CAUSES RATHER THAN JUST STOPPING THE BLEEDING.”

MICHAEL BRAUNEIS, MANAGING DIRECTOR, PROTIVITI


WHAT DOES AN AGILE RISK MANAGEMENT MODEL LOOK LIKE RELATED TO PROCESS MANAGEMENT?

Firms that seek to benefit from becoming more agile are able to realize benefits in a shorter window of time by focusing on one building block at a time. A good example of an area where many organizations can realize the benefits of Agile Risk Management is process management, monitoring and testing.

Often, process management, tools, methodologies and routines are not standardized across the first and second lines of defense, which hinders reliance and comparability and results in duplication. Process management that lacks a simple and well-understood taxonomy will fail to achieve both customer and risk management objectives and leave the organization exposed to issues, lost time and unsatisfied customers.

In many cases, there are no effective standards for identifying risks and designing controls as processes are designed or redesigned. Therefore, faulty design creates an environment where monitoring and testing is incomplete, reactive and ad hoc, and where business and risk managers do not use process risk and performance metrics or such metrics are not available.

• Clearly define performance metrics and expectations

• Map processes

• Draft a single set of standards for monitoring and testing

• Build a data warehouse for all monitoring and testing data

• Perform initial analysis of processes and controls to identify improvements

• Monitor and test process performance and risk against defined metrics

• Track and aggregate process monitoring in centralized warehouse and align to issue management and change management processes

• Ensure and measure the completeness and quality of process management against standards

• Provide reporting to key stakeholders on process adherence

• Assess technology solutions and system upgrades

Benefit: Aligned Organization – A single set of standards aligns the entire organization on expectations and practices for process management. Processes are managed consistently with business and risk management goals aligned.

Benefit: Operational Excellence – Once the organization is thinking about process management in the same way, processes, risks and controls can be analyzed and improved to drive operational excellence.

Benefit: Customer Satisfaction – With strong process management, monitoring and testing in place, business processes act as intended, ultimately delivering products and services that meet customer needs.

[Figure labels: Define – Establish Standards; Adhere – Sustain Quality; Manage – Administer Routines]


Ultimately, the most effective process management will come from a highly automated monitoring and testing program using consistent data, a common methodology, shared tools and effective reporting across all lines of defense, which supports improving business processes and early identification of issues or breakdowns. This is achieved through the establishment of a common process taxonomy, risk and performance standards, and monitoring and testing techniques that are consistently shared, leading to reliable and repetitive routines. Robust measurement is achieved through monitoring key performance indicators and key risk indicators of processes together.

A common first step to becoming more agile in process management is creating routine process maintenance within business units to gather, document and map current processes, risks and controls. As the organization matures, controls should be analyzed to ensure they are appropriately mitigating risks and rationalized to determine their relative strength (i.e., preventive versus detective and automated versus manual). Agile Risk Management places an emphasis on enhancing quality and the automation of controls; the goal is to minimize time spent on the testing of controls while maintaining the same level of assurance and coverage.

An agile organization generates near real-time monitoring and testing data that is routinely analyzed, and issues, process improvements and lessons learned are shared with stakeholders. Potential customer impact is analyzed as part of process monitoring and remediation focuses on process improvements that reduce errors and increase customer satisfaction.

“TODAY OUR CLIENTS ARE FOCUSED HEAVILY ON THE TESTING ASPECT OF THIS BUILDING BLOCK. SIGNIFICANT RESOURCES AND SPENDING GO INTO TESTING FOR CONTROL EFFECTIVENESS AND EFFICIENCY. WHILE THIS IS A KEY COMPONENT OF AGILE RISK MANAGEMENT, PROTIVITI’S PHILOSOPHY PUTS MORE EMPHASIS ON THE PROCESS MANAGEMENT AND MONITORING THROUGH RISK AND PERFORMANCE WITH A TECHNOLOGICALLY ENABLED CONTROL ENVIRONMENT. THE EMPHASIS IS ON STRENGTHENING OVERALL PROCESS HEALTH, ENHANCING THE QUALITY AND AUTOMATION OF CONTROLS, AND MINIMIZING THE NUMBER OF RESOURCES AND AMOUNT OF TIME AND MONEY SPENT ON CONTROL TESTING. THIS SHIFTS AN INSTITUTION’S FOCUS FROM LOOKING FOR BREAKS IN THE PROCESS THROUGH CONTROL TESTING TO MONITORING RESULTS OF WELL-UNDERSTOOD AND WELL-MANAGED PROCESSES, IDENTIFYING TRENDS AND CHANGES, AND MITIGATING FUTURE BREAKDOWNS BEFORE THEY HAPPEN.”

CORY GUNDERSON, GLOBAL FINANCIAL SERVICES PRACTICE LEADER, PROTIVITI

“THROUGH OUR AGILE RISK MANAGEMENT PHILOSOPHY, THE DESIRED BUSINESS OUTCOME ALWAYS COMES FIRST. BEFORE NEW PROCESSES ARE DEPLOYED AND AS EXISTING PROCESSES ARE REFINED, THE PRIMARY FOCUS IS ON HOW TO BEST ACHIEVE THE DESIRED BUSINESS RESULT – INCLUDING CUSTOMER AND CLIENT SATISFACTION – WITH RISK MANAGEMENT INTEGRATED THROUGHOUT THE PROCESS.”

MATTHEW MOORE, MANAGING DIRECTOR, PROTIVITI


WHAT DOES AN AGILE RISK GOVERNANCE FRAMEWORK LOOK LIKE?

Defining risk and documenting management activities in a multitude of frameworks, policies, procedures and manuals can be complex for organizations to implement, which can be further complicated by the need to train employees and ensure operating standards relating to risk management. Governance around managing risk is assumed to be in place, with responsibility and accountability residing with inefficient committees or remaining undefined. Although many firms have made strides in defining their risk appetite for enterprise and material risks in an effort to achieve strong risk management and in response to recent regulatory guidance, these same firms have had difficulty driving and/or cascading the risk appetite to lines of business or products. Finally, by rushing to define roles and responsibilities to ensure a three-lines-of-defense model, institutions have created duplicative activities, inconsistent standards for key risk management activities and methodologies, and gaps in risk management coverage. Many firms could benefit from greatly simplifying their risk governance frameworks, policies, procedures and manuals utilizing Agile Risk Management methods to refine, improve, communicate, implement and train.

Develop clear definitions for material risks, governance, risk appetite and risk management activities in a framework across the three lines of defense.

Develop programs to verify implementation of the framework and ensure that policies and standards across the organization are in alignment with the framework on an ongoing basis.

Assign ownership and accountability of risk management activities, define clear risk reporting and escalation channels, and communicate across the three lines of defense.

Inventory existing policies and procedures, and perform a gap analysis to identify policies and standards that are not aligned to the defined framework.

Convert methodologies, policies and standards to a standardized format, and update to ensure alignment to the framework and risk appetite.

Benefit: Organizational Alignment – Simplified reporting and analysis focused on achieving business objectives within risk appetite limits.

Benefit: Operational Excellence – Faster business processes that create competitive advantages.

Benefit: Customer Satisfaction – Transparent oversight of risks increases business performance and the institution’s reputation among key stakeholders.

[Figure labels: Define; Assign; Assess; Challenge; Align]

The development of the framework and the subsequent assignment of accountability is the crux of the effort in getting to Agile Risk Management and should be a continuous process to revise the framework based on evolving practices, regulatory expectations and shifts in the bank’s risk profile.


In an Agile Risk Management organization, the risk governance framework defines material risks and risk appetite, and provides the foundational information to ensure that standards effectively document how the current and emerging risks are identified, measured, mitigated and reported in a clear and simple method, allowing for adherence monitoring. Owners of all risks are identified and accountability exists for actions to manage the risk. There is full role clarity between business and control partners (lines of defense). Finally, the framework is routinely updated based on changes in the organization’s risk profile, strategic plans and/or other external factors.

Taking a closer view of how a risk governance framework is implemented, an Agile Risk Management organization has sufficient and effective training in place to ensure that every employee understands that risk management is part of his or her role. Employees from all parts of the organization are able to consistently and comprehensively describe and articulate how the organization manages risk and their role in doing so. Risk appetite is a commonly utilized term and measured at a meaningful level across the organization that impacts not only strategic decisions but also day-to-day business decisions. When this is performed correctly, the organization is creating and defining a strong risk culture that is enhanced through Agile Risk Management principles.

“FINANCIAL INSTITUTIONS HAVE INVESTED SIGNIFICANT TIME, EFFORT AND FUNDS OVER THE LAST SEVERAL YEARS TO INVENTORY RISKS, UNDERSTAND HOW THOSE RISKS ARE MANAGED, DEFINE RISK APPETITES, AND THEN REPORT HISTORICAL PERFORMANCE AGAINST RISK APPETITE. AGILE RISK MANAGEMENT TAKES IT TO THE NEXT STEP BY ENSURING RISK AND RISK APPETITE ARE INGRAINED INTO DECISION-MAKING TO ALLOW FOR A FORWARD-LOOKING VIEW OF THE RISKS FACING AN ORGANIZATION.”

MATTHEW MOORE, MANAGING DIRECTOR, PROTIVITI

“ROLES AND RESPONSIBILITIES MAY SEEM TRIVIAL BUT ARE CRITICAL TO THE SUCCESS OF RISK MANAGEMENT AT A FINANCIAL INSTITUTION. RISK MANAGEMENT DOES NOT JUST SIT WITH THE SECOND LINE OF DEFENSE – IN AGILE RISK MANAGEMENT, THE LINES OF DEFENSE ARE EFFICIENTLY ALIGNED AND ARE EQUALLY RESPONSIBLE FOR MANAGING RISK AND ADHERING TO THE DEFINED RISK APPETITE.”

PETER RICHARDSON, MANAGING DIRECTOR, PROTIVITI


WHAT DOES AN AGILE RISK MANAGEMENT MODEL LOOK LIKE RELATED TO COMPLIANCE REQUIREMENTS?

Today, financial institutions are governed by a multitude of regulations impacting all lines of business and service offerings. Compliance requirements have become increasingly complicated, yet firms’ management of these requirements has remained disjointed and reactive based on regulatory enforcement actions. Firms often struggle with translating their compliance requirements into applicable business risks. Compliance requirements are not maintained centrally, and policies and procedures governing the management of requirements do not exist.

As a result, firms are increasingly susceptible to noncompliance, as demonstrated by the stream of regulatory enforcement actions seen over recent years – actions that could have been avoided by taking an agile approach to managing the compliance requirements inventory.

Agile Risk Management would incorporate new compliance requirements and changes differently. The compliance organization is forward-looking in the agile state and prepares the business with detailed requirements that are applicable to relevant services and products. New compliance requirements are tracked and reported to the business well before formal release dates, and compliance advises in preparing for business process changes.

In order to maintain the requirements through a unified process, a comprehensive, centralized inventory exists that contains all applicable compliance requirements. Validation is performed on the back end to ensure that all aspects of required changes have been implemented and nothing has slipped through the cracks. In the agile state, new requirements are known, a plan to confirm compliance is implemented and full compliance is validated before updated standards go into full effect.

“CAN AN ORGANIZATION’S COMPLIANCE FUNCTION RESPOND TO, AND QUICKLY ADDRESS, CHANGES IN THE REGULATORY AND/OR INDUSTRY RISK MANAGEMENT ENVIRONMENT AS WELL AS CHANGES TO THE COMPANY’S BUSINESS MODELS? THIS IS THE QUESTION THAT AGILE RISK MANAGEMENT ANSWERS FOR THE COMPLIANCE REQUIREMENTS INVENTORY. GETTING THIS RIGHT PAYS DIVIDENDS TO THE ORGANIZATION, NOT ONLY IN COVERAGE BUT ALSO IN MAXIMIZING EFFICIENCY BY LIMITING UNNECESSARY DUPLICATION AMONG THE VARIOUS MONITORING FUNCTIONS.”

MICHAEL BRAUNEIS, MANAGING DIRECTOR, PROTIVITI

IN CLOSING

Adopting a more efficient and effective risk management framework brings real, demonstrable value to the business. Agile Risk Management aims to provide benefits that are tangible. For example, it can lead to a 10 percent reduction in organization-wide operating costs, which translates into a 3 percent increase in available capital to invest in new or existing businesses. Standardized business processes and collaborative efforts to integrate and eliminate redundant controls could also drive a 25 percent reduction in total hours spent on key risk management activities across lines of defense.

The increased confidence of risk coverage can lead to a 40 percent reduction in the volume of issues and regulatory findings. Finally, spending on risk and compliance costs could be reduced by 25 percent, allowing the redeployment of resources from the second line of defense to the business to help drive growth. These numbers are illustrative, but they demonstrate how the Agile Risk Management philosophy can translate into real monetary value for risk managers and the enterprise.

• 25% reduction in total hours spent on key risk management activities across control partners

• 25% reduction in risk and compliance operating costs

• 40% reduction in volume of issues and regulatory findings

• 10% reduction in organization-wide operating costs

• 3% increase in capital available to invest in new or existing businesses

• 10% increase in revenue growth and record member satisfaction scores

[Figure labels: Process Simplification; Increased Confidence of Risk Coverage; Redeployed Second-Line Resources; Increased Financial Benefits; Product and Channel Innovation Opportunities]

By employing an Agile Risk Management approach, senior managers are better informed and truly understand the risks they are undertaking – or, just as important, they understand the risks they are not taking – thanks to the refinement and strong implementation of fully understood risk management frameworks, which define roles and responsibilities across the organization. The philosophy encourages a strong risk culture that supports continuous improvement and fosters dialogue on strategic decisions and direction for the business.

Agile Risk Management increases transparency and accuracy in reporting and enables executive management to make timely business and risk management decisions. Improved transparency and an aligned organization also increase stakeholders’ confidence, including counterparties, funding providers and rating agencies. Proactive organizations that take the lead and adopt an Agile Risk Management philosophy will better meet the challenges of today’s customers, shareholders and employees, as well as adapt more fluidly to the changing risk and regulatory environment and realize benefits to the bottom line.

HOW PROTIVITI CAN HELP

Protiviti has a record of success helping clients develop Agile Risk Management practices with the responsiveness required for an ever-changing business environment. We work with more than 75 percent of the world’s largest financial institutions, which benefit from our collaborative team approach to resolving today’s risk management challenges. Our professional consultants have varied industry and regulatory backgrounds that enable our unified financial services practice, with the seamless integration of risk and compliance, technology, data and analytics solutions, to develop customized Agile Risk Management approaches to meet tomorrow’s challenges today.

Business, risk, compliance and internal audit groups need to work within an integrated framework with clear accountabilities that will lead to an aligned organization for making sound decisions. We address risk and operational excellence as two sides of the same coin, leading to agility and optimal performance. We understand how customer satisfaction, and in turn growth, have become elusive. While risk management is intended to drive growth, it too often becomes an inhibitor. Our expertise positions you at the forefront of effective risk management with a unique approach to reap both immediate and long-term benefits.

ABOUT PROTIVITI

Protiviti (www.protiviti.com) is a global consulting firm that helps companies solve problems in finance, technology, operations, governance, risk and internal audit, and has served more than 60 percent of Fortune 1000® and 35 percent of Fortune Global 500® companies. Protiviti and our independently owned Member Firms serve clients through a network of more than 70 locations in over 20 countries. We also work with smaller, growing companies, including those looking to go public, as well as with government agencies.

Ranked 57 on the 2016 Fortune 100 Best Companies to Work For® list, Protiviti is a wholly owned subsidiary of Robert Half (NYSE: RHI). Founded in 1948, Robert Half is a member of the S&P 500 index.

Contacts

Cory Gunderson, Managing Director, +1.212.708.6313

Timothy Long, Managing Director, +1.212.399.8637

Michael Brauneis, Managing Director, +1.312.476.6327

Atul Garg, Managing Director, +1.704.972.9612

Matthew Moore, Managing Director, +1.704.972.9615

Peter Richardson, Managing Director, +44 (0)20.7024.7527

Ed Page, Managing Director, +1.312.476.6093

George Brown, Managing Director, +852.2238.0486

David Dawson, Managing Director, +1.647.288.8505

Giacomo Galli, Managing Director, +39.02.6550.6303

© 2016 Protiviti Inc. An Equal Opportunity Employer M/F/Disability/Veterans. Protiviti is not licensed or registered as a public accounting firm and does not issue opinions on financial statements or offer attestation services. PRO-0616-103077

* Protiviti Member Firm

THE AMERICAS

UNITED STATES

Alexandria, Atlanta, Baltimore, Boston, Charlotte, Chicago, Cincinnati, Cleveland, Dallas, Denver, Fort Lauderdale, Houston, Kansas City, Los Angeles, Milwaukee, Minneapolis, New York, Orlando, Philadelphia, Phoenix, Pittsburgh, Portland, Richmond, Sacramento, Salt Lake City, San Francisco, San Jose, Seattle, Stamford, St. Louis, Tampa, Washington, D.C., Winchester, Woodbridge

ARGENTINA*

Buenos Aires

BRAZIL*

Rio de Janeiro, São Paulo

CANADA

Kitchener-Waterloo, Toronto

CHILE*

Santiago

MEXICO*

Mexico City

PERU*

Lima

VENEZUELA*

Caracas

ASIA-PACIFIC

AUSTRALIA

Brisbane, Canberra, Melbourne, Sydney

CHINA

Beijing, Hong Kong, Shanghai, Shenzhen

INDIA*

Bangalore, Hyderabad, Kolkata, Mumbai, New Delhi

JAPAN

Osaka, Tokyo

SINGAPORE

Singapore

EUROPE/MIDDLE EAST/AFRICA

FRANCE

Paris

GERMANY

Frankfurt, Munich

ITALY

Milan, Rome, Turin

THE NETHERLANDS

Amsterdam

UNITED KINGDOM

London

BAHRAIN*

Manama

KUWAIT*

Kuwait City

OMAN*

Muscat

SOUTH AFRICA*

Johannesburg

QATAR*

Doha

SAUDI ARABIA*

Riyadh

UNITED ARAB EMIRATES*

Abu Dhabi, Dubai